Privacy Policy
Last updated: June 19, 2026 | Effective: June 19, 2026
1. Introduction
XXX Ltd ("we", "us", "our", "Company", or "XXX") operates the website XXX.com and related services (collectively, the "Service"). We are committed to protecting your privacy and ensuring transparency in how we collect, use, and protect your personal information.
Data Controller: XXX Ltd is the data controller responsible for your personal information. This Privacy Policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), Privacy Act 1988 (Australia), and other applicable privacy and data protection laws.
2. Information We Collect
We collect information in the following ways:
A. Information You Provide Directly
- Account Registration: Full name, email address, phone number, date of birth, country of residence
- Visa Information: Visa type, visa subclass, visa expiry date, country of origin
- Work Information: Work experience, employment history, qualifications, references
- Farm Information (for farmers): Business name, ABN, farm location, contact details, bank account information
- Payment Information: Credit card details (processed securely by Stripe, not stored by us)
- Communication Data: Messages, feedback, support requests, survey responses
- Profile Information: Photo, biography, skills, documents (resume, credentials)
B. Information Collected Automatically
- Device Information: Device type, operating system, device identifiers, mobile network information
- Usage Data: Pages visited, time spent on pages, links clicked, referral sources, search queries
- Technical Information: IP address, browser type, browser version, cookies, web beacons
- Location Data: Approximate location based on IP address (can be disabled)
- Log Data: Access times, error reports, server logs
C. Information from Third Parties
- Service Providers: Stripe (payment processor), Supabase (backend infrastructure)
- Analytics Platforms: Google Analytics for aggregated usage statistics
- Social Media: If you connect via social login (with your consent)
3. Legal Basis for Processing Your Data (GDPR)
Under the GDPR, we process your personal data based on:
- Contract Fulfillment: Processing necessary to provide the Service and fulfill your account requirements
- Consent: Where you have explicitly consented (marketing emails, optional analytics)
- Legal Obligation: Where required by law (tax records, fraud prevention, immigration compliance requirements)
- Legitimate Interest: To improve our Service, prevent fraud, and maintain security
- Vital Interests: Where necessary to protect health and safety
4. How We Use Your Information
We use your information for:
- Providing and maintaining the Service
- Processing job applications and connections between workers and farms
- Calculating credited days and visa eligibility (for informational purposes)
- Processing payments and subscriptions
- Sending transaction-related communications
- Providing customer support and responding to inquiries
- Detecting, preventing, and addressing fraud, abuse, and technical issues
- Maintaining security and preventing unauthorized access
- Improving and optimizing the Service
- Gathering analytics and usage statistics (aggregated and anonymized)
- Complying with legal obligations and regulations
- Enforcing our Terms of Service and other agreements
- Marketing communications (only with your opt-in consent)
5. How We Share Your Information
We do not sell your personal data. We may share your information in the following circumstances:
A. Necessary for Service Provision
- Farms & Employers: Your profile information (name, location, skills, experience) to facilitate job connections. Farms cannot see your email without your approval.
- Workers: Your farm information (location, work available, description) to matching job-seekers
B. Service Providers
- Stripe: Payment processing (credit card tokenized, never seen by us)
- Supabase: Cloud infrastructure and database (your data is encrypted)
- Email Providers: For transactional emails (password resets, confirmations)
- Analytics: Google Analytics (anonymized data only)
C. Legal Requirements
- When required by law, court order, or government request
- To protect our legal rights, privacy, safety, and property
- To prevent fraud, abuse, or security threats
D. Business Transfers
If we are acquired, merged, or undergo substantial reorganization, your information may be transferred as part of that transaction. We will provide notice before your data is subject to a different privacy policy.
6. Your Privacy Rights
A. GDPR Rights (EEA & UK Users)
You have the following rights under the GDPR:
- Right of Access: You can request a copy of all personal data we hold about you
- Right to Correction: You can correct inaccurate or incomplete personal data
- Right to Deletion ("Right to Be Forgotten"): You can request deletion of your data (subject to legal retention requirements)
- Right to Restrict Processing: You can request we limit how we use your data
- Right to Data Portability: You can request your data in a machine-readable format
- Right to Object: You can object to marketing and certain processing activities
- Right to Withdraw Consent: You can withdraw consent at any time (doesn't affect prior processing)
- Right to Lodge a Complaint: You can file a complaint with your local data protection authority
B. CCPA Rights (California Users)
Under the California Consumer Privacy Act, California residents have the right to:
- Know: What personal information we collect and how it's used
- Delete: Request deletion of personal information (with exceptions)
- Opt-Out: Opt-out of the "sale or sharing" of personal information (we do not sell data)
- Non-Discrimination: We will not discriminate against you for exercising your rights
- Correction: Request correction of inaccurate data
C. Australian Privacy Act Rights
You have rights under the Privacy Act and Australian Privacy Principles including access, correction, and complaint rights.
Exercising Your Rights
To exercise any of these rights, please contact us at XXX@XXX.com with your request. Include your full name and account email. We will respond within 30 days (or as required by applicable law).
7. How Long We Keep Your Data
- Active Account Data: While your account is active and for 5 years after account termination (unless otherwise required)
- Transaction Records: 7 years (required for tax and legal compliance)
- Marketing Emails: Until you unsubscribe
- Log Data: 90 days (for security and fraud detection)
- Cookies: As specified in our Cookie Policy
We may retain data longer if required by law or necessary for legitimate business purposes. Deleted data is securely destroyed and cannot be recovered.
8. Data Security
We implement comprehensive security measures to protect your personal data:
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication (password hashing, multi-factor authentication available)
- Regular security audits and penetration testing
- Restricted access to personal data (only authorized personnel)
- Compliance with industry standards (SOC 2, ISO 27001 principles)
- Incident response procedures for any data breaches
Important: While we strive to use reasonable security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. You use the Service at your own risk.
9. International Data Transfers
Our servers are located in Australia. If you are located in the EEA or UK, we ensure your data has adequate protection through Standard Contractual Clauses (SCCs) and appropriate safeguards approved under the GDPR.
10. Special Categories of Data
We do not intentionally collect special categories of data (such as health information, biometric data, racial or ethnic origin, etc.). If such information is revealed by you, we will only use it as necessary to provide the Service or comply with legal obligations. You should not provide such information unless necessary.
11. Children's Privacy
Our Service is not directed to individuals under 18 years old. We do not knowingly collect personal information from children under 18. If we discover we have collected data from a child, we will delete it immediately. If you believe we have collected information from a child, please contact us immediately.
12. Third-Party Links and Services
Our Service may contain links to external websites and services (Department of Home Affairs, banks, etc.). We are not responsible for their privacy practices. Please review their privacy policies before providing your information. This Privacy Policy only applies to our Service.
13. Your Choices and Controls
- Email Preferences: Unsubscribe from marketing emails anytime by clicking the link in the email footer
- Cookies: Manage your cookie preferences on our Cookie Settings page
- Profile Visibility: Control what information is visible to other users in your account settings
- Location Data: Disable location services in your device settings
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. When we update this policy, we will revise the effective date. Material changes will be communicated via email or prominent notice on the Service. Your continued use of the Service after updates constitutes your acceptance of the updated Privacy Policy.
15. Contact & Data Protection Officer
If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices:
XXX - Data Protection Officer
Email: XXX@XXX.com
Website: www.XXX.com
Response time: We aim to respond to all privacy requests within 30 days.
Legal Notices
This Privacy Policy is provided for informational purposes and does not constitute legal advice. Privacy laws are complex and vary by jurisdiction. If you have concerns about your privacy rights or how your data is used, please consult with a qualified privacy attorney in your jurisdiction.
We take your privacy seriously. Contact us with any questions or concerns.